npm users, brace yourselves for changes to authentication and publishing.
GitHub has just signaled its intent: “in the near future,” it plans to narrow the range of available options to the following:
- Local publishing with MFA required
- Granular tokens with a lifespan limited to 7 days
- Trusted publishing
Under this plan, classic (legacy) tokens will be removed. The same applies to MFA based on TOTP codes: FIDO methods will be required. Granular tokens that include publish permissions will expire sooner.
GitHub also intends to change the default publishing setting so that tokens are disallowed. The goal is to encourage local publishing with MFA… or trusted publishing. This feature implements a standard defined by the OpenSSF. It uses OIDC authentication to establish a trust relationship between npm and CI/CD providers (for now, GitHub Actions and GitLab pipelines; self-hosted runners are not supported). PyPI was the first package registry to adopt it, in 2023. RubyGems, crates.io and NuGet, among others, followed suit.
npm recently compromised by a worm
On npm, trusted publishing has been available since July 2025. GitHub initially intended to let adoption grow without any particular push, but says the current context no longer allows that.
At the origin was apparently a phishing campaign targeting developers, who were invited to “update” their MFA login options. The compromised accounts were used to publish a package containing malware. The malware hunted for credentials in the compromised environment (npm and GitHub tokens, AWS/Azure/GCP API keys) and exfiltrated them… while also making them public on the victims’ GitHub accounts. The stolen npm tokens allowed the malware to propagate automatically, a worm-like behavior. More than 500 packages are believed to have been compromised.
At present, on npm, it remains possible not to require MFA for publishing packages and for changing their settings. For those who enable it, there remains the option to authorize tokens, granular or legacy.
Legacy tokens (also called automation tokens) allow downloading packages and publishing them. They inherit the permissions of the user who creates them.
Granular tokens have an expiration date and can be associated with organizations. They can also be limited to certain packages and to certain IP address ranges.